Privacy Policy

We are Paymentsense Limited and its group companies. Dojo is a trading name of Paymentsense Limited.

Whenever we say “we” in this Privacy Policy, we mean Dojo (or another of our group companies, if that group company provides the relevant product or service to you. Where you are a customer based in Ireland, this means that the relevant group company is Paymentsense Ireland Limited).

For our queue management services, WalkUp Limited is the relevant data controller.

This Privacy Policy applies to any of the processing activities we may conduct in relation to our ‘business-to-business’ products and services (including our payment services). If you are a consumer using any of our consumer products and services, please see our Privacy Policy for Consumers, which describes how and why our group processes any personal data in respect of those products and services.

Our registered office address in the Republic of Ireland is 9 Clare Street, Dublin 2, D02 HH30, Ireland

We are authorised and regulated by the Central Bank of Ireland.

We are committed to protecting and respecting your privacy.

It is important that you read this Privacy Policy together with any other privacy policy or fair processing policy we may provide on specific occasions when we are collecting or processing personal data about you, so that you are fully aware of how and why we are using it.

When you visit our website, or use any of our applications; or provide information to us via our website, or any of our applications, you are accepting and consenting to our processing of your information in accordance with this Privacy Policy, our Cookie Policy, our Website Terms and Conditions and any other contract we may have with you including, without limitation, our Terms and Conditions.

The personal data we hold about you needs to be accurate and current. Where you provide any personal data directly to us, please keep us informed if this information changes during your relationship with us. You can get in touch with us at dataprotection@dojo.tech or by phone on 0800 103 2959.

If you have any questions about this Privacy Policy or how we handle privacy, please contact us at dataprotection@dojo.tech or by phone on 0800 103 2959.

You have the right to make a complaint to the ICO (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance at dataprotection@dojo.tech or by phone on 0800 103 2959.

Under data protection laws, we are known as the data controller of your personal data and this Privacy Policy relates only to our activities as a data controller. We are a data controller whenever we decide how, why, and by what means personal data is to be processed.

Personal data means any information about you that could be used to help identify you. In this Privacy Policy we use ‘personal data’ and ‘information’ interchangeably. This includes personal and financial information about you that we collect, use, share and store.

This may include your name, date of birth, address, contact information, financial information, details about your health and lifestyle, employment details and device identifiers including internet protocol (IP) address. It may include information about any other Dojo products and services (or products and services provided by our partners) you currently have, you’ve applied for or you’ve had in the past.

Processing of this information occurs whenever any action is taken in relation to it, regardless of whether the action is automated or not. Some common examples of processing include collection, organisation, storing and deletion.

We collect, use, share, record and store information about you to provide you with the services you have asked us for and to share information with you about services that may be of interest to you, to improve our customer service to you by analysis key customer trends and topics. We use a variety of channels to do so, including via our team of payment consultants. Our payment consultants are not permanent employees of Dojo and are self-employed. We take care to ensure your information is appropriately protected when used by our payment consultants.

You may provide this information direct to us, for example by the way you communicate or do business with us, such as:

• applying for our products or services;
• using our branches, telephone services, websites or mobile applications;
• writing or calling us;
• entering competitions or promotions;
• downloading any of our mobile applications or using our websites or digital services, in which case we may gather information about how you access and use these services, such as your IP address and information about the devices or software you use (we may also make other requests or give you more details about how we use your information, for example, we may ask for your location to help find nearby services);
• using and managing your accounts, (we may take information such as the date, amount and currency of payments made to your account); and
• giving information to us at any other time, including calls and through social media.

This information may also come from other organisations or people, such as other Paymentsense companies, other organisations you have a relationship with, joint account holders, credit reference agencies, employers, and/or fraud prevention agencies.

If you do not provide the information that we tell you must provide, this may mean that we are unable to properly provide our products and services and/or carry out all our obligations under our contractual agreements with you.

Checking your identity

If you are a merchant or a corporate, we will need to confirm your identity as part of our KYB/KYC process. We will ask you to provide documents, and will also collect information from third-parties, such as commercial registers, for this purpose.

We use this information to:

• to provide our services to you;
• to help us develop new and improved products and services to meet your and our other customers’ needs;
• to improve our customer service capabilities and enhance your customer experience;
• to analyse common issues and topics raised by customers; 
• to carry out checks for security purposes, to prevent fraud and money laundering, and to confirm your identity before we provide services to you;
• for training;
• for record-keeping;
• to communicate with you;
• to meet the obligations we have by law and under any regulations that apply;
• where we have a legitimate interest in using your information, for example to protect our commercial interests or to prevent fraud; and
• to keep you informed about products and services you hold with us and to send you information about products or services (including those of other companies where you have consented for us to do so) which may be of interest to you.

An example of how we use your information to provide our services:

If any changes we make to our services affect you, we'll normally contact you using the email address you gave us when you signed up, or through our customer portal, to tell you about the changes.

Under data protection laws, whenever we process your personal data, we must meet at least one set condition for processing. These conditions are set out in data protection laws and we rely on a number of different conditions for the activities we carry out.

We may use your information for the following purposes and under the following legal bases which are described below.

We must have a legal basis (a valid legal reason) for using your personal data. Our legal basis will be one of the following outlined below.

Keeping to our contracts and agreements with you:

We need certain personal data to provide our services and cannot provide them without this information.

Legal obligations:

In some cases, we have a legal responsibility to collect and store your personal data (for example, under AML laws and regulations we must hold certain information about our customers).

Legitimate interests:

We sometimes collect and use your personal data, or share it with other organisations, because we or they have a legitimate reason to have it and this is reasonable when balanced against your right to privacy.

Consent:

Where you've agreed to us collecting your information, for example by using our customer portal we provide, or when you have ticked a box to indicate you are happy for us to use your personal data in a certain way.

Merchants

For the purposes of data protection we consider a physical person (as opposed to a company) that is a sole trader or individual and who registers for and/or uses our 'business-to-business' services or buys products from us (such as a card reader) to be a merchant. The personal data we collect from merchants includes:

 The purpose and legal basis for processing the personal data outlined above will be:

End-customers

For end-customers who use services provided by our merchants, we will collect and process the following information:

When we say ‘end-customer’ in this Privacy Policy for Business, we do not mean consumers who use our consumer products and services. For information about how we and other members of our group process any personal data in the context of our consumer products and services, see our Privacy Policy for Consumers.

 The purpose and legal basis for processing the personal data outlined above will be:

Individuals and customer representatives

For individuals and customer representatives contacting our customer support team or us generally, via email, telephone, online chat, SMS or any other communication channel, we will collect and process the following information:

The purpose and legal basis for processing the personal data outlined above will be:

Individuals within corporates

In the case of an executive, director, beneficial owner or authorised signatory of a corporate customer that communicates with us we will collect and process the following information:

 The purpose and legal basis for processing the personal data outlined above will be:

In the case of an executive, director, beneficial owner or authorised signatory of a corporate customer that communicates with us we will collect and process the following information:

 The purpose and legal basis for processing the personal data outlined above will be:

Collecting information from third-parties

To ensure that the services we provide are secure and efficient we process personal data from selected third-parties. These third-party sources (and the categories of information) include:

Sharing information with third-parties

Sharing your information with third-parties

We may also share your information with the following third-parties:

• companies that are in the same corporate group as us;
• suppliers and subcontractors who provide, for example, IT support, logistics, communication, customer support, marketing, acquiring and PCI compliance services to us, in order to support us in relation to the products and services we offer and provide to you;
• our financial service, card scheme and payment providers, which assist us in providing our products and services to you, including Visa, Mastercard and American Express;
• our business partners who we may share personal data with in order for them to provide you with information about goods and services which complement and relate to our core products offering, including our merchant cash advance product, provided by YouLend;
• advertisers and advertising networks that require anonymised data to select and serve relevant adverts to you and others. We shall provide them with aggregate information about our users (for example, we may inform them that 150 men aged 35-45 have clicked on their advertisement on any given day). We shall also use such aggregate information to help advertisers reach the kind of audience they want to target (for example, men in a particular location). We shall make use of the information we have collected from you to enable us to comply with our advertisers’ wishes by displaying their advertisement to that target audience;
• user experience, service design and market research agencies and technology service providers that assist us in the improvement and optimisation of the products and services that we offer to customers as well as with other market research projects;
• analytics and search engine providers that assist us in the improvement and optimisation of our website and our applications;
• credit reference agencies for the purpose of assessing your credit score where this is a condition of us entering into a contract with you (please see earlier in this Privacy Policy for detail on this);
• sharing your information with technology services providers to conduct analysis of common customer issues and topics to enhance customer experience, improving our customer service response and engagement capabilities;
• sharing your information with a party we assign our rights to, under applicable contractual arrangements; and
• sharing information with our funding partners in circumstances concerning our financial affairs.

An example of when we may share your personal data with our partners:

If you apply for a merchant instant settlement product, we or our lending partner (the provider of this product) will carry out a credit check to better understand your financial circumstances and repayment history.

An example of how we use your personal data for marketing:

If you are a Dojo customer, we may contact you about optional extras, loyalty bonuses or promotional offers where you have consented to this or where we rely on the 'soft opt-in'. We may use information we gather about you through your use of our services to tailor these offers to you.

We may also disclose your personal data to third-parties:

• in the event that we sell or buy any business or assets, to the prospective seller or buyer of such business or assets and their advisors;
• if we or substantially all of the company’s assets are acquired by a third-party, in which case personal data held by the company about our customers will be one of the transferred assets;
• if we are under a duty to disclose or share your personal data in order to comply with any legal obligation (or otherwise where there is a substantial public interest in providing your personal data to any relevant public authority), or in order to enforce or apply our various terms, policies and other agreements; or to protect the rights, property, or safety of us, our customers, or others. This includes exchanging information with other companies and organisations for AML and fraud prevention, and credit risk purposes

We shall share an end-customer’s personal data with a merchant when it is to enable the merchant to fulfil the end-customer’s order and mitigate the risk of fraud and other criminal activities. The personal data will also be processed when handling potential complaints and disputes. Personal data shared with a merchant will be subject to the merchant’s data protection policy and not this Privacy Policy.

Where merchants process card transaction data and cardholder data, they must process this in line with our Terms and Conditions. Please refer to these Terms and Conditions for further information.

If a third-party processes personal data on our instruction they are likely to be a data processor. An example of this will be in relation to our suppliers of IT and marketing services. In such cases, we only share personal data for purposes that are compatible with the reasons contained in this Privacy Policy. All data processors are subject to written agreements that ensure the security of personal data and limit the transfer of personal data to third countries.

If a third-party is considered to be a data controller, we are not able to dictate how that third-party will process the data that has been provided. Examples of common third-party data controllers would be credit rating agencies or financial institutions. In such cases, the data protection policies of the third-party data controller will apply.

Links to third-party websites

Our website features third-party advertising which provides links to and from third-party websites. If you follow a link to any of these third-party websites, you should be aware that these websites have their own privacy policies and the operators of those websites will handle your information in accordance with such policies and not with this Privacy Policy. We have no control over such third-parties or their websites or privacy policies. These third-parties may contact you or permit third-parties to contact you for marketing purposes in accordance with their own privacy policies, unless you opt out of such communications.

We do not accept any responsibility or liability for third-party websites or their privacy policies. We strongly advise you to check such policies and the reputation of the website before you submit your information to, or carry out any transaction on, any third-party website.

We welcome any feedback you may have about third-party websites linked to from our website. Please email us at dataprotection@dojo.tech or by phone on 0800 103 2959.

Our relationship with Apple and Google Play

We acknowledge that when you use our application, as provided on Apple’s App Store and Google’s Play Store, any end-user licence agreement is concluded between us and you - and not with either Apple or Google. You further agree to observe the App Store Terms of Service and the Google Play Terms of Service.

Sharing your information with credit reference and fraud prevention agencies

When processing your application, we will carry out credit and identity checks on you with one or more credit reference agencies. To do this, we will give the credit reference agencies your personal data and they will give us information about you. This may make it difficult for you to get credit in the future. We will also continue to exchange information about you with credit reference agencies while you have a relationship with us, for example, if we have asked you to pay an amount you owe us and we do not receive a satisfactory reply from you within our stated time limit, or if you give us false or inaccurate information. The credit reference agencies may share your personal data with other organisations.

The credit reference agencies, and the ways in which they use and share personal data, are explained in more detail at www.experian.co.uk/crain/ and www.equifax.co.uk/crain/.

Records we share with credit reference agencies will stay on your file for six years after your file is closed, whether you’ve settled the debt or failed to pay it off.

If you’d like to know about the information credit reference agencies hold about you, you should contact them directly (please note, they will charge you a fee for this service). Not every agency will hold the same information, so you should consider contacting them all.

Their contact details are as follows:

TransUnion: www.transunion.co.uk/contact-us

Equifax PLC: www.equifax.co.uk/support/en_gb/

Experian: www.experian.co.uk/contact-us/

We will share your information with fraud prevention agencies who will use it to prevent fraud and money laundering, and to confirm your identity. We and fraud prevention agencies may also allow law enforcement agencies to access and use your personal data to detect, investigate and prevent crime. If fraud is detected, you could be refused certain services or finance.

Fraud prevention agencies can hold your personal data for different periods of time, and if you are considered to present a fraud or money-laundering risk, they can hold your information for up to six years.

An example of when we may share your personal data with our partners:

If you apply for a merchant instant settlement product, we or our lending partner (the provider of this product) will carry out a credit check to better understand your financial circumstances and repayment history.

An example of how we use your personal data for marketing:

If you are a Dojo customer, we may contact you about optional extras, loyalty bonuses or promotional offers where you have consented to this. We may use information we gather about you through your use of our services to tailor these offers to you.

We shall share an end-customer’s personal data with a merchant when it is to enable the merchant to fulfil the end-customer’s order and mitigate the risk of fraud and other criminal activities. The personal data will also be processed when handling potential complaints and disputes. Personal data shared with a merchant will be subject to the merchant’s data protection policy and not this Privacy Policy.

Where merchants process card transaction data and cardholder data, they must process this in line with our Terms and Conditions. Please refer to these Terms and Conditions for further information.

If a third-party processes personal data on our instruction they are likely to be a data processor. An example of this will be in relation to our suppliers of IT and marketing services. In such cases, we only share personal data for purposes that are compatible with the reasons contained in this Privacy Policy. All data processors are subject to written agreements that ensure the security of personal data and limit the transfer of personal data to third countries.

If a third-party is considered to be a data controller, we are not able to dictate how that third-party will process the data that has been provided. Examples of common third-party data controllers would be credit rating agencies or financial institutions. In such cases, the data protection policies of the third-party data controller will apply.

We have in place a level of security appropriate to the nature of the information stored and the harm that might result from a breach of security. Your information is stored on our secure servers. The transmission of any payment transactions will be encrypted using TLS technology.

All environments that are used in the transmission of payment transactions are hosted in an environment that has passed PCI DSS Level 1 service provider accreditation, and are therefore required to adhere to all the requirements stated by the PCI Security Standards Council.

To get more information about the different requirements of the PCI Security Standards Council please read more here.

Please note that the transmission of information via the internet is not completely secure and, although we will do our best to protect your information, we cannot guarantee the security of any of your information transmitted via our website or our applications. Any transmission is at your own risk. If we become aware that the security of your information has been compromised, we will notify you by email or as otherwise required by law.

Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website or our applications, you are responsible for keeping this password confidential and you must not share it with anyone.

If you think your password or any other aspect of your account has become compromised, you must inform us immediately at dataprotection@dojo.tech or by phone on 0800 103 2959.

We will keep your information for as long as is needed for the purposes set out above or as required by any laws that apply.

If you close your account, if we refuse your application for an account or product, or you decide not to go ahead with your application for an account or product, we’ll still keep your information for legal and regulatory reasons. We may also continue to collect information from credit reference agencies to use after your account is closed. We’ll do this for as long as we’re allowed to for legitimate business purposes, to help prevent fraud and other financial crime, and for other legal and regulatory reasons.

International transfers

When we transfer your information outside of the UK and EEA (as applicable), we will:

• rely on the fact that the UK Government or European Commission (as applicable) has determined that the recipient jurisdiction is ‘adequate’ for data protection;
• make sure that the organisations we transfer your information to apply an equivalent level of protection to that in the UK and EEA (as relevant), by placing conditions in the contract with the organisations receiving your personal data to protect it to the standard required in the UK or the EEA (as applicable);
• and / or possibly ask the organisations receiving your information to subscribe to international frameworks intended to allow information to be shared securely.

If we transfer your information outside the EEA in other circumstances (for example, because we have to reveal the information to help prevent or detect a crime), we’ll make sure we share that information lawfully.

As the UK has left the European Union (EU), it has ceased to be an EU member state. We may still be required (for the purposes described in this Privacy Policy) to:

• transfer personal data from the UK to the EU, the EEA or elsewhere; and
• receive personal data from outside the UK (including from the EU/EEA) into the UK.

Where we make or receive such transfers, we will ensure that those transfers are lawful and (where necessary) we shall put in place appropriate measures, such as those we set out above.

What are my rights?

Our website uses cookies to distinguish you from other website users. Cookies help to provide a more personalised experience when you browse our website and also allows us to improve our website. Please take a look at our Cookie Policy for detailed information on the cookies we use and the purposes for which we use them.

Children

We do not knowingly collect information from individuals who are under the age of 16. If you are under the age of 16, please do not register an account with our website or provide any information about yourself on our website. If you have already done so, please contact us.

What words and phrases in bold mean

 AML means anti-money laundering.

customer portal means the portal you use to access information regarding your use of the services through the Paymentsense website and the Paymentsense app if you have installed it.

data controller has the meaning given in the GDPR.

 data processor has the meaning given in the GDPR.

 data protection laws means the GDPR and other laws or regulations that apply to the processing of personal data.

 data subject has the meaning given in the GDPR.

GDPR means the General Data Protection Regulation (EU 2016/679) or substantially equivalent laws enacted later in the UK.

KYB means Know Your Business.

KYC means Know Your Customer.

MOTO means mail order telephone order.

PCI DSS means the Payment Card Industry Data Security Standard.